Infostealer Shakeup: A New Attack Vector for Mobile Devices and Nomani

The infostealer scene has undergone significant shifts, with a new attack vector targeting iOS and Android devices emerging, alongside a surge in investment scams on social media platforms. These developments were highlighted in the ESET Threat Report H2 2024, which delved into the evolving landscape of cyber threats and criminal activity.

The report, discussed in the latest episode of the ESET Research Podcast by Aryeh Goretsky, ESET Distinguished Researcher, and Ondrej Kubovič, Security Awareness Specialist, shed light on the changing dynamics of malware distribution and fraudulent schemes.

One of the key revelations in the report was the replacement of the notorious infostealer Agent Tesla by its old rival Formbook. This shakeup in the infostealer ecosystem was accompanied by the dismantling of Redline Stealer and Meta Stealer, underscoring the ongoing cat-and-mouse game between cybercriminals and law enforcement agencies.

Moreover, a new social engineering technique was identified as a driving force behind the rapid rise of Lumma Stealer, emphasizing the relentless innovation and adaptation of threat actors in their pursuit of ill-gotten gains.

In addition to infostealer developments, the report also highlighted a novel attack vector that targets both Android and iOS devices. By exploiting technologies that enable users to install apps directly from websites using mobile browsers, cybercriminals have found a new avenue for launching sophisticated attacks on unsuspecting victims.

Furthermore, the report drew attention to the proliferation of investment scams on social media platforms, with a particular focus on the HTML/Nomani scam. This fraudulent activity, characterized by its deceptive appearance and persuasive social engineering tactics, has ensnared numerous individuals seeking quick financial gains, underscoring the need for enhanced vigilance and cybersecurity awareness.

For those interested in delving deeper into the insights provided by the H2 2024 report, the ESET Research Podcast offers a comprehensive overview of the key findings and trends shaping the current threat landscape. Alternatively, the full report can be downloaded from the Threat Reports section of the WeLiveSecurity website.

Overall, the findings of the ESET Threat Report H2 2024 highlight the ongoing evolution of cyber threats and the need for robust cybersecurity measures to mitigate the risks posed by malicious actors. By staying informed and proactive in their cybersecurity practices, individuals and organizations can better protect themselves against emerging threats and safeguard their digital assets.
